1
n01un0
Forbidden error all of a sudden......
  • 2007/4/11 17:02

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


Every time I try to add a new custom block with javascript, I keep getting a Forbidden page with:

You don't have permission to access /modules/system/admin.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This just happened without making any changes (add or deleting modules).

Any idea what is causing this or how to remedy?

Thanks

2
martyboy
Re: Forbidden error all of a sudden......
  • 2007/4/11 20:01

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi, sounds like a hosting issue, maybe your host has installed a security filter onto the server, i f i remember i had a similar problem a while ago.

Check with your host and if they have you can add something like the following to your .htaccess file to turn the security filter off.

SecFilterEngine Off
SecFilterScanPOST Off
Michael Jackson = King Of Pop

Xoops = King Of CMS

3
n01un0
Re: Forbidden error all of a sudden......
  • 2007/4/12 19:54

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


I emailed them yesterday and they had no idea what I was talking about and said there have been no changes. This obviously has to be a server side issue because I have went to three other sites of mine on the same server using XOOPS and tried to insert a custom block with a .
4
n01un0
Re: Forbidden error all of a sudden......
  • 2007/4/13 21:16

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


FIXED!!

<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
IfModule>


The above did the trick. Everthing working fine now!!
Now I gotta go fix all the rest of the sites, haha

Thanks

5
LOKI2006
Re: Forbidden error all of a sudden......
  • 2007/6/6 13:33

  • LOKI2006

  • Just popping in

  • Posts: 4

  • Since: 2006/6/8 2


I had a different problem with the mod_security.

After moving my website to a new hosting company, I was no more able to change templates or to modify my footer.

I did not get any error message, even after having turned on the debug mode.

I contacted the tech support and got the server log:

Quote:

[Wed Jun 6 05:22:29 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com"] [uri "/user.php"]
[Wed Jun 6 09:56:09 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
[Wed Jun 6 11:30:10 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/index.php"]
[Wed Jun 6 11:30:20 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/index.php"]
[Wed Jun 6 11:30:31 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/news/index.php"]
[Wed Jun 6 12:36:23 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
----------------


These were the errors generated when trying to edit the tplsource table from PhpMyAdmin.

Looks like the \\\n in the tplsource were considered as an XSS attack

I included the following lines (found on this topic)
<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
IfModule>


and everything is back to normal

Thank you Martyboy

6
CiberEspia
Re: Forbidden error all of a sudden......

thanks you!
my problem is solved width .htaccess:
<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
IfModule>
Mario Burga
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>Adictoshp.org|Web Blog<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

7
BlueStocking
Re: Forbidden error all of a sudden......

by CiberEspia on 2007/8/14 12:47:16

Thanks, in the meantime I visited your blog and will be going back. I added it to my Blogs page for easy access.
Google maps are a nice touch.
Again, thank you.
...darcy

http://www.xoops.net.br/index.php?title=Category:Blogs
hhttps://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

Login

Who's Online

302 user(s) are online (273 user(s) are browsing Support Forums)


Members: 0


Guests: 302


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits